Privacy Policy

Last updated: January 6, 2026

1. Introduction

At sera, we take your privacy seriously. This Privacy Policy explains how we collect, use, protect, and share information about you when you use our service.

2. Information We Collect

Information You Provide

  • Account information (email address, password)
  • Conversation content and messages you send to sera
  • Payment information (processed securely through Stripe)
  • Communications with our support team

Automatically Collected Information

  • Device information (browser type, operating system)
  • Usage data (features used, time spent, interaction patterns)
  • IP address and general location data
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide and improve our AI conversation service
  • Personalize your experience with sera
  • Process payments and manage subscriptions
  • Send important updates about your account or our service
  • Respond to your requests and provide customer support
  • Detect and prevent fraud, abuse, and security issues
  • Analyze usage patterns to improve our service

4. Information Sharing

We do not sell your personal information. We may share your information only in these circumstances:

  • Service Providers: With trusted third-party services that help us operate (e.g., Stripe for payments, Supabase for data storage)
  • Legal Requirements: When required by law or to protect our rights and safety
  • Business Transfers: In connection with a merger, sale, or acquisition
  • With Your Consent: When you explicitly authorize us to share your information

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security audits and updates
  • Limited employee access to personal data

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

You have the right to:

  • Access the personal information we have about you
  • Request correction of inaccurate information
  • Request deletion of your account and data
  • Opt out of marketing communications
  • Export your conversation history
  • Withdraw consent where we rely on it

To exercise these rights, please contact us.

7. Data Retention

We retain your information according to the following schedule:

  • Account Information: Retained for as long as your account is active, plus 30 days after deletion to allow for account recovery
  • Conversation History: Retained for the duration of your account. You may delete individual conversations at any time from your dashboard
  • Payment Records: Retained for 7 years as required by tax and financial regulations
  • Usage Analytics: Anonymized data may be retained indefinitely to improve our service
  • Support Communications: Retained for 2 years after resolution

Account Deletion: When you delete your account, we will permanently delete your personal data within 30 days. Some anonymized, aggregated data may be retained for analytical purposes. You can request immediate deletion by contacting us.

Data Export: You can export your conversation history at any time from your dashboard in JSON, text, or markdown format.

8. Children's Privacy

sera is not intended for children under 13 years of age. We do not knowingly collect information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

9. Important Healthcare Disclaimer (HIPAA)

sera is NOT a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). This means:

  • sera is an educational wellness tool, not a healthcare provider
  • We do not provide medical advice, diagnosis, or treatment
  • Your conversations with sera are not protected health information (PHI) under HIPAA
  • We are not subject to HIPAA's privacy and security requirements
  • You should not share sensitive medical information with sera

If you need mental health treatment, please consult a licensed healthcare professional. In a crisis, contact emergency services or the 988 Suicide & Crisis Lifeline.

10. Canadian Users (PIPEDA Compliance)

For users in Canada, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). Under PIPEDA, you have the right to:

  • Access: Request access to your personal information we hold
  • Correction: Request correction of inaccurate or incomplete information
  • Consent: Withdraw consent for the collection, use, or disclosure of your information
  • Complaint: File a complaint with the Office of the Privacy Commissioner of Canada

Explicit Consent: By creating an account and using sera, you explicitly consent to the collection, use, and storage of your personal information as described in this policy. You may withdraw this consent at any time by deleting your account.

To exercise your PIPEDA rights, please contact us. We will respond within 30 days.

11. California Residents (CCPA Rights)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

Do Not Sell My Personal Information

sera does not sell your personal information. We have not sold personal information in the preceding 12 months and do not plan to do so. If this policy changes, we will update this notice and provide you with the opportunity to opt out.

To exercise your CCPA rights, please contact us. We will verify your identity and respond within 45 days.

12. European Union Users (GDPR Rights)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) and applicable local laws provide you with specific rights regarding your personal data:

Your Rights Under GDPR

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete personal data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Object: Object to our processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent for processing

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide you with our services as described in our Terms of Service
  • Legitimate Interests: To improve our services, ensure security, and prevent fraud
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: To comply with applicable laws and regulations

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of your account plus a reasonable period thereafter. You may request deletion of your account and associated data at any time.

International Data Transfers

Your data may be transferred to servers located in the United States. We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses approved by the European Commission.

Exercising Your GDPR Rights

To exercise any of your GDPR rights, please contact us. We will respond to your request within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

13. Australian Users (Privacy Act 1988)

For users in Australia, we comply with the Privacy Act 1988 and the Australian Privacy Principles (APPs). Under the APPs, you have the right to:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate, out-of-date, or incomplete information
  • Anonymity: Deal with us anonymously or using a pseudonym where practicable
  • Complaint: Make a complaint about how we handle your personal information

Cross-border disclosure: Your data may be transferred to servers in the United States. We take reasonable steps to ensure overseas recipients handle your information in accordance with the APPs.

To exercise your rights or make a complaint, please contact us. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

14. New Zealand Users (Privacy Act 2020)

For users in New Zealand, we comply with the Privacy Act 2020 and its Information Privacy Principles (IPPs). Under the Privacy Act, you have the right to:

  • Access: Request access to your personal information
  • Correction: Request correction of your personal information
  • Complaint: Make a complaint to us or the Privacy Commissioner

Cross-border disclosure: Before disclosing your information overseas, we ensure that the recipient is subject to comparable privacy protections or that you have authorised the disclosure.

Notifiable Privacy Breaches: If we experience a privacy breach that poses a risk of serious harm, we will notify the Privacy Commissioner and affected individuals as required by law.

To exercise your rights, please contact us. If you are not satisfied with our response, you may lodge a complaint with the Office of the Privacy Commissioner (privacy.org.nz).

15. International Users

Your information may be transferred to and processed in the United States or other countries where our service providers operate. By using sera, you consent to this transfer.

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the service. Your continued use after changes constitutes acceptance of the updated policy.

17. Company Information

sera is operated by:

Sera Companion Inc.

Ontario, Canada

Email: privacy@trysera.io

Data Protection Officer

For GDPR-related inquiries or Canadian privacy law (PIPEDA) requests, you may contact our Data Protection Officer at dpo@trysera.io.

18. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us.

Your Privacy Matters

We're committed to protecting your privacy and being transparent about our data practices. If you have any concerns, please don't hesitate to reach out to us.